Skip to content
  • Welcome to RiskbOWl – the first closed community of Risk professionals to share ideas, best practices and get a sense of peer practice, with the ability to anonymously ask questions, share perspectives, run targeted polls, and discuss recent regulatory developments. Find out the latest developments in the RiskbOWl community, including user guidelines, community rules, and latest functionality

    2 Topics
    2 Posts

    RiskBowl Live

    Following the success of our first RiskBowl Live session on wholesale credit risk modelling, we are delighted to announce our second get together on Model Risk & AI, to be held in late September 2025

    A moderated roundtable for Model Risk industry leaders to be held our Marylebone offices to share perspectives and discuss pressing topics under Chatham House Rules.

    Spaces are limited, so reach out to book your place

  • Discover our latest thinking across hot topics in risk management, drawn from serving the world's leading financial institutions and deep, industry-renowned expertise across risk and finance topics, including surveys, primers and points-of-view

    2 Topics
    2 Posts

    Conversations with our clients reveal the imperative of realizing the benefits from the promise of digitally transforming credit decisioning and lending journeys, driven by the need to control bank costs and retain customer loyalty in the face of competition from more nimble, digitally-native banks

    To better understand current trajectories in the lending transformation space, Oliver Wyman conducted a survey of banks across several markets, looking at the overarching burning platform, budgets, barriers to transformation, data, analytics, underlying technology, customer management, and organisational setup. In summary, our high-level, selected findings indicate

    Lending transformation is a high priority topic, with participants sequencing Retail and SME first in their lending transformation programs Respondents see the traditional incumbent breakthrough as the biggest competitive threat over the new fintech challenger looming on the horizon Decisioning time, revenue growth and cost reduction cited as top 3 benefits, whilst expected uplift is highest for customer experience Budget for lending allocation is approached on program level or on individual level, with very few respondents approaching it as a strategic objective Most budget is spent on customer journeys, internal workflows and underlying IT infrastructure rather than analytics capabilities

    Lending transformation survey infographic.png

    Reach out for more insight, but we’d be keen to hear from the RiskbOWl community how this stacks up against your lending transformation program – post your thoughts below !

  • Use this space for questions or broader topics pertaining to risk management, from the latest industry trends and regulatory developments, to the latest news and risk headlines potentially impacting the sector

    8 Topics
    11 Posts

    Welcome back to Risky Business, in which we take you through some of the headlines impacting the banking industry. Read on to hear how tariff-driven uncertainty prompts warning from regulators and banks alike of persisting volatility, rising RWA and provisions, prompting calls to remain vigilant or tempering risk-taking activities; also reported recently are alleged signs of waning focus on climate risk and ESG, at banks and the Bank of England. Feel free to give us your take on the stories, below the line

    Rising RWAs prompt EBA warning

    The Banker
    The European Banking Authority (EBA) has issued a warning about the significant rise in European banks' risk-weighted assets, which reached €9.8 trillion in 2024, due to escalating geopolitical tensions and cyber threats. The EBA emphasizes that banks in the European Economic Area are highly vulnerable to these geopolitical developments, which can impact not only credit risk but also market, liquidity, and operational risks, including cybersecurity issues. This alert underscores the need for increased vigilance among banks to manage these looming risks effectively

    International trade volatility drives provisions

    S&P
    In the first quarter, European banks experienced an 18% year-over-year increase in loan loss provisions, amounting to €11.48 billion, driven by uncertainties in international trade policies that threaten asset quality. The European Central Bank's Financial Stability Review highlighted concerns over rising nonperforming loans and provisioning costs, particularly affecting banks with significant exposure to extra-EU trade sectors. Notably, Barclays and Lloyds Banking Group saw substantial increases in provisions due to macroeconomic uncertainties and tariff risks, while UniCredit and Groupe BPCE reported the largest quarterly rises in problem loan ratios

    Stagflation warnings from JP Morgan

    City AM
    JPMorgan Chase has issued a warning that the US economy might face a threat more severe than a recession, known as stagflation, characterized by simultaneous high inflation and stagnant economic growth. The bank's CEO, Jamie Dimon, expressed concerns over the potential negative impacts of recent aggressive trade policies, including US tariffs, which could hinder economic growth despite a recent stock market rally. Dimon urged caution, highlighting that global fiscal deficits, remilitarization, and trade restructuring are all contributing to inflationary pressures that could lead to economic instability

    UK banks chastised for lack of risk appetite for green finance

    FT
    A senior executive at the UK's National Wealth Fund has criticized UK banks and money managers for their insufficient risk appetite necessary to drive the low-carbon transition. Ian Brown, head of banking and investments, emphasized that private sector involvement is crucial for achieving Britain's net-zero targets, as relying solely on public funds is impractical. Despite Barclays' efforts in financing climate tech startups, Brown noted that institutional investors remain overly cautious, focusing on established technologies rather than taking construction and technology risks

    Bank of England staff depart after downgrade of climate risk

    FT
    The Bank of England has shifted its focus away from climate and nature risk since Andrew Bailey became governor, leading to concerns that the financial sector may be under prepared for these issues, according to ex-BoE staff. Despite the UK having legally binding targets for net-zero carbon emissions by 2050, the BoE has faced criticism from former staff and think tanks for downgrading climate change in its priorities. There are mixed messages from government officials about prioritizing growth over climate objectives, which has affected the BoE's technical risk-modelling capacity

    Goldman tempers risk-taking in expectation of tariff-fueled uncertainty

    Reuters
    Goldman Sachs has strategically reduced its risk exposure following US President Donald Trump's tariff announcement, preparing for increased uncertainty in financial markets. Despite these measures, Goldman remains active in absorbing client risks while adapting its operations to maintain liquidity and stability. The bank anticipates continued adjustment in areas such as capital spending and mergers, with the US economy showing resilience amid concerns regarding fiscal deficits and interest rate trajectories

  • With the global economy entering what can only be described as a critical inflection point, particularly in terms of trade, institutions are mobilising to better understand how the recent upending of trading relations will impact either lending portfolios or operations in the short term, and impacts of the shifting geopolitical landscape in the longer term. Join the discussion and compare notes on how your peers are managing these novel risks

    12 Topics
    12 Posts

    Since we wrote about geopolitical risk last year, we have seen industry practice evolve and we felt an update is warranted. Over the past six months, geopolitical risk has evolved from a peripheral factor to a structural dimension of enterprise risk management. Across client engagements in Europe, the US, and APAC, we observe a clear shift: leading banks are beginning to treat geopolitical uncertainty not just as a backdrop to macroeconomic scenarios or part of the Country Risk Teams, but as a direct risk driver.

    The change is being accelerated by supervisory focus—particularly in Europe. Institutions are expected to treat geopolitical developments as a material influence on their risk profile, both from a financial and non-financial perspective. The ECB has elevated this expectation as part of its core supervisory agenda for 2025–2027, which is already shaping risk steering discussions at board level.

    At a practical level, we see three main developments gaining traction:

    Geopolitical risk is becoming multi-dimensional. It's no longer confined to sovereign credit or country risk. The emerging practice is clear: geopolitical risk must be treated not as a siloed topic, but as a cross-cutting input into enterprise steering—from risk appetite to capital strategy, from third-party governance to digital infrastructure planning.

    Operational exposure is moving to the forefront. With increasing tension in global trade, the resilience of core operations—especially IT and critical vendor networks—is under renewed scrutiny. Cybersecurity, cloud sovereignty, and compliance with regional digital sovereignty laws (e.g. DORA) are now viewed through a geopolitical lens.

    Risk management approaches are becoming more forward-thinking. Rather than waiting for events to materialize, banks are building structured response capabilities based on scenario analysis, cross-functional simulations, and targeted early-warning frameworks.

    In conversations with risk and strategy executives across global banks, a common theme is emerging: the need to move from fragmented, reactive risk tracking to a coherent and mature, cross-functional framework that embeds geopolitical thinking into core risk processes.

    d0f2aaf0-a352-4ff7-9158-5d46bf252bce-image.png

    Figure 1: Oliver Wyman Geopolitical Risk Management Framework

    While practices vary widely, two elements are consistently present among institutions leading the field, which we describe below: top-down portfolio scans for geopolitical sensitivity, and crisis simulation.

    Top-Down Portfolio Scans for Geopolitical Sensitivity

    Before banks can simulate or plan for geopolitical disruption, they need clarity on where they are most exposed. That requires a structured, top-down portfolio view—not just of credit and market exposures, but of operational and third-party dependencies that could be vulnerable to geopolitical shifts. Risk measurement and quantification have also made progress, where top-down portfolio analysis is typically the starting point to prioritize efforts across the existing risk types.

    When starting with the analysis, the selection of portfolio scope is the first determinant. Peers are typically starting with the lending, securities and deposits portfolio on group level. When defining the scenarios for the portfolio assessment institutions employ a small set of intuitive, high-level geopolitical risk scenarios such as increasing trade and investment restrictions.

    The portfolio segmentation is analyzed for vulnerability to 1st and selected 2nd order effects (especially energy / commodity prices and supply chain disruptions). For the top-down portfolio assessment, most institutions conduct a qualitative impact assessment, clearly identifying relevant risk drivers for the respective primary risk types.

    Multi-format crisis simulation

    Once sensitive exposure areas are identified, banks can run simulations to assess how geopolitical events would affect their operations, risk profile, and strategic posture. This is no longer a theoretical exercise. Take the energy-related grid shutdown in Spain, Portugal and France earlier this year. While the root causes were not directly geopolitical, the systemic impact mirrored what could happen in a true geopolitical escalation—forcing multiple banks to activate contingency procedures, reroute processing, and adjust liquidity buffers in real-time.

    Crisis simulations with geopolitical triggers serve three key purposes:

    They test multi-dimensional resilience—from financial metrics (capital, liquidity) to operational continuity and reputational response;

    They sharpen cross-functional preparedness: involving risk, IT, legal, communications, and business continuity teams in a coordinated stress response; and

    They surface second- and third-order effects—such as delays in reporting due to system outages, failure of key vendors in conflict regions, or jurisdictional clashes over regulatory compliance

    Depending on the institution’s maturity and exposure, a range of simulation formats is currently being used, from tabletop exercises for initial risk awareness and coordination, through war-gaming scenarios that simulate adversarial moves across regulatory or geopolitical dimensions, all the way to full-scale crisis simulations, including real-time decision-making, interdepartmental coordination, and post-mortem analysis.

    We are experiencing a new wave of tariff announcements and conflict in the Middle East. While short-term uncertainty may dominate headlines, leading institutions treat it as a catalyst for deliberate, long-term positioning. Key structural shifts—around global alignment, digital sovereignty, and economic fragmentation—require active engagement and banks are using this phase to start building lasting resilience through governance, scenario design, and strategic alignment.

  • The dedicated space to converse with peers and our experts on all aspects of credit risk, from the technicalities of modelling using internal approaches, credit decisioning and underwriting, credit risk appetite, governance and monitoring, provisioning, and regulatory requirements

    36 Topics
    96 Posts
    RiskBowl Live - Wholesale Credit Risk Modelling Roundtable London, 30th June

    The inaugural session of our Oliver Wyman-moderated RiskBowl Live series brought together senior risk and modelling practitioners from the UK's largest banks. It was well-received by the attendees, which also included our guest attendee, Colin Jennings (senior ex-PRA, industry practitioner).

    The discussion covered the finer points of current industry trends and practices of wholesale credit risk modelling, from more the general points, such as supervisory interactions, scales of IRB usage, and model implementation, to more segment specific questions for corporate, bank, and NBFI exposures.

    Whilst we covered lots of ground, there were still many topics that we ran out of time to discuss that we will aim to cover at the next iteration of RiskBowl Live in November - reach out if you'd like to participate.

    High-level Roundtable discussion summary

    General IRB topics

    Interaction with the Regulator

    Firms do not have a clear view of PRA’s expectations on whether a model needs to be formally withdrawn or can be remediated (for example, approved with obligations similar to the ECB’s approach)

    In general, models that have fewer issues are open for remediation, but in practice, banks have much more to do a lot given the moving target

    It was noted that this stance may evolve with the PRA’s formal “minded to approve” approach, e.g., as they have done with mortgages models

    An additional accelerator is the increased 2LoD responsibility - due to higher submission volumes, the ECB is allowing model validation teams to close lower severity findings (F1, F2) without further escalation

    Raising the bar on IRB usage, including the F-IRB reversion

    Several banks outlined a significant simplification of their modelling landscape over the last couple of years

    Multiple institutions are evaluating F-IRB reversion for entire asset classes, contingent upon business case justification (especially where unsecured exposures are more prevalent)

    It was emphasised that, consistent with CRR Article 494(d), reversion must apply to the whole asset class (or e.g., fully for the non-retail part of SME)

    Model Implementation

    The benefits of shadow implementation were discussed, including the ability to gather business feedback and provide evidence of use test

    Although shadow implementation is a regulatory requirement under the ECB framework, its adoption for wholesale models in the UK remains limited

    Segment specific questions - Corporates

    Model segmentation

    Historically, model segmentation has been influenced by business unit and system boundaries

    Regulators are softly encouraging alignment of segmentation more closely with asset class definitions

    Subsidiary rating and cascading

    Count as a single obligor if it is the same rating

    Credit risk officer decides if there is a support via rules (e.g., idea of an Obligor Risk Group (ORG))

    LBO

    Approaches to modelling LBO credit risk vary across banks: Some institutions treat LBO exposures as a calibration segment within corporate models; while others develop standalone LBO models, especially when aligned with specific business lines

    When LBOs are included in corporate models, projected financials serve as input overrides, contributing to input override budget

    Segment specific questions - Banks/ NBFIs

    External Benchmarks (RiskCalc / Credit Benchmark)

    Benchmarks are primarily used to investigate and validate developed models
    Example of a funds modelling / calibration approach

    Use of expert ranking approach (experts given a list of N funds to rank from 1 to N); sample size is a balance between coverage vs fatigue of experts

    Van der Burgt methodology for calibration

    Participants mentioned that the PRA was not focused on the sampling methodology used as long as representativeness was demonstrated

  • Recent years has seen the Treasury shoot up the agenda given the length of time the sector had operated in much more benign interest rate conditions. Sector turmoil in 2023 prompted supervisors and banks alike to ensure their ALM, liquidity, and interest rate risk capabilities were adequate for new rate realities. Discover the latest in our dedicated Treasury channel

    6 Topics
    6 Posts

    After a decade of negative or zero interest rates, European economies entered a rising rate cycle in 2022. Now, as markets anticipate the beginning of an easing cycle, deposit betas are expected to catch up. The question is, are banks prepared to compete for deposits in this environment, which is unfamiliar to a whole generation of bankers?

    In 2024, a systematic approach to deposit management is not only a critical value driver but also a necessary defensive tool. By leveraging smart deposit management techniques, anchored on advanced analytics and operational capabilities, banks can optimise their deposit costs significantly.

    What actions have you taken? Where can the community help you?

  • The channel for all areas pertaining to the ability of institutions to deliver critical operations through disruption, comprising of prudential risk frameworks, internal governance, outsourcing, business continuity and crisis response. Recent years has seen much more scrutiny on the reliance of institutions on technology and third parties, with the former very much on the supervisory agenda, perhaps most explicitly embodied with the advent of the Digital Operational Resilience Act (DORA) in Europe

    0 Topics
    0 Posts
    No new posts.
  • With an increasingly complex and interlinked risk landscape, comes an equally complex, corresponding regulatory framework, and it's no surprise how high up regulatory compliance now features on the bank agenda. Check in with your peers on the issues driving this key risk management capability, including compliance operating model, regulatory horizon scanning, and financial crime compliance

    4 Topics
    12 Posts

    For our Fed remediation plan for Sanctions, Audit was key part of the remediation plan. We submitted a full Audit “TOM” including resource model, training, risk assessment, audit testing program, and senior mgmt. reporting. There was also a layered sign off for smaller vs. golden milestones, where Audit got involved to provide design assurance vs. operational effectiveness.

  • Channel dedicated to discussion on the supervisory and societal expectations driving banks to meet their sustainability goals, by embedding ESG criteria into enterprise risk management frameworks to address climate-related and social risks, as well as financial institution's climate risk stress testing capabilities, and disclosure requirements

    2 Topics
    4 Posts

    @OP

    In my experience, it typically depends on the bank's approach to the override:

    Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model

    Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

  • From supervisory exercises, to internal scenario-planning, crisis simulation and war gaming, stress testing has become an established, post-GFC, risk management tool that institutions are expected to have in place in order to demonstrate the sustainability of their business model and ensure ongoing confidence in the bank. Discover the latest on stress testing in our dedicated channel

    2 Topics
    2 Posts

    In the context of the 2025 EBA Stress Testing exercise we’ve convened our sixth EBA Stress Test industry roundtable, involving representatives from 25 of the largest European banking institutions across ten countries.

    While each bank is looking to approach the stress testing exercise from its own unique perspective, we’ve found that two common trends seemed to emerge:

    Banks expect the anticipated depletion of the Common Equity Tier 1 (CET1) ratio under adverse scenarios to align closely with the outcomes seen in 2023.

    Banks see the operational complexity of the exercise as their main challenge. Participants were concerned about potential CRR3 re-statements (particularly the difficulty in accurately projecting a CRR3 Fully Loaded framework that incorporates all CRR3 phase-ins expected by 2032) as well as the need for top-down calculations to estimate CRR3 compliant RWAs, which could complicate reconciliation efforts and impact result accuracy.

    Other concerns raised by participants included the new timeline and significant changes to Quality Assurance processes - especially regarding potential on-site visits and inspections by the European Central Bank (ECB) - and the unpredictability of the new Net Interest Income (NII) platform and Quality Assurance machinery, which banks believe leaves them with less control over projections and adds to the uncertainty of the exercise.

    Overall, it was insightful to see how given the inherent complexity of the exercise participants agreed on the need for thorough upfront preparation and a robust end-to-end stress testing infrastructure as conditions to success. What are the main concerns at your organisation? How do you feel your competitors will react to EBA’s requirements for this year’s stress testing?

    Graphics: How Oliver Wyman supports Financial Institutions carry out stress testing:
    cc0303ff-d517-49f9-b22c-e6d2071f1964-image.png

  • Whilst dedicated risk management for the development, monitoring and validation of risk models has been long established, the advances in technology, analytics and data driving the banking industry has promoted such model risk frameworks to be updated and enhanced accordingly. Discover the latest impacting your peers across the model lifecycle - model definition, model vs non-model scope, validation, monitoring, periodic review, model risk reporting and governance

    8 Topics
    21 Posts

    Lots of good answers here.

    One tough learning from implementing this at scale is that unlike traditional ML, automated tests can only capture a small fraction of what can go wrong with GenAI. While the automated validation is necessary, it is not sufficient.

    We have typically needed to also develop large manual testing protocols for releases, where humans (either developers or a set of test users), attempts a mixed of predefined and new prompts, and judge the quality of the answers. Often we will uncover “issues” that are very subjective, such as the answers technically being correct but pulling from different files that we wished, or answers being less/more detailed than the average user prefers, or an entirely new file format having issues (hence not covered by tests yet), or a million other things!

    For one of our recent clients, we ran “hackathons” along with releases where both new and power users would try various prompts and score the output. It was incredibly helpful to identify things the tests had failed to see

  • Organisational culture has long been recognized as a key component of risk-taking and risk-adverse behaviours, making it an important dimension underpinning the overall effectiveness of risk management more broadly within an organisation. Use this dedicated space for more discussion on methodologies, values, and behaviours within an organization that shape its approach to risk management and overall awareness and understanding of risk

    2 Topics
    6 Posts

    Hi RisbOWl community.

    I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective.

    While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'.

    While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence.

    What does the community think about common techniques for increasing cross-line of defence productivity.

    Thank you in advance.

  • With as much change in the risk landscape and operating environment, discover insights and discussion on how developments in data and analytics are impacting risk functions, including deployment of AI, regulatory pressures such as BCBS239

    3 Topics
    6 Posts

    🎬 Lights, Camera, Compliance! 🎬
    Imagine you’re in a high-stakes thriller, much like Inception.

    Just as Cobb and his team navigate complex dream layers, banks and financial institutions today are navigating the intricate layers of BCBS 239. But instead of dreams, they’re dealing with data and the regulation that aims to enhance risk data aggregation and reporting capabilities.

    What is BCBS 239?
    At its core, BCBS 239, introduced by the Basel Committee on Banking Supervision, is a set of principles designed to ensure that banks can effectively manage risk through accurate and timely data reporting. Think of it as the ultimate guide for navigating the labyrinth of financial data, ensuring that institutions can make informed decisions and respond swiftly to crises.

    The Challenges: A Real-Life Drama
    However, just like in a good movie, the path to compliance is fraught with challenges. Here are a few key hurdles that institutions face:

    Data Silos: Many banks operate with fragmented data systems, akin to a band struggling to harmonize. Each department has its own version of the truth, making it difficult to achieve a cohesive view of risk exposure

    Legacy Systems: Picture a classic car that’s seen better days. Many institutions rely on outdated technology that hampers their ability to aggregate and report data efficiently, making compliance feel like an uphill battle

    Cultural Resistance: Change is hard, much like a character in a romantic comedy who refuses to acknowledge their feelings. Employees may resist new processes and technologies, fearing disruption to their routine

    Regulatory Complexity: The regulatory landscape is constantly evolving, much like the plot twists in a suspense thriller. Keeping up with these changes requires agility and foresight, which can be a daunting task for many organizations.

    The Road Ahead
    So, how can institutions turn this potential drama into a success story? Here are a few actionable steps

    Invest in Technology: Embrace modern data management solutions that break down silos and streamline reporting processes. Foster a Culture of Compliance: Engage employees at all levels, emphasizing the importance of accurate data for decision-making and risk management. Stay Agile: Regularly review and adapt to regulatory changes, ensuring that your compliance strategies remain robust and effective.

    While BCBS 239 presents its challenges, it also offers an opportunity for banks to enhance their risk management frameworks. By embracing the journey with the right tools and mindset, institutions can transform compliance from a burden into a strategic advantage.

    Let’s continue this conversation! What challenges have you faced in navigating BCBS 239? How have you overcome them? Share your thoughts below! 👇

  • Got a question? Ask away!

    0 Topics
    0 Posts
    No new posts.
Terms of Use Privacy Notice Cookie Notice Manage Cookies